The story so far:
On December 28, the Financial Intelligence Unit India (FIU IND) issued show-cause notices to 9 offshore virtual digital asset service providers (VDA SPs), including Binance, Kucoin, Huobi, Bitfinex and MEXC Global, among others. This was for “operating illegally” without complying with the provisions of the Prevention of Money Laundering Act, 2002 (PMLA). It has also been written to the Secretary at the Ministry of Electronics and Information Technology to block URLs of the mentioned entities.
What is the premise of the non-compliance?
In March 2023, Virtual Digital Asset Service Providers (VDA SPs) in India were brought under anti-money laundering/counter financing of terrorism regulations. They were mandated to comply with PMLA 2002, verify the identities of onboarded clients, and maintain records of their financial positions and potentially suspicious transactions. This obligation applies to all VDA SPs operating in India irrespective of physical presence. Non-registration made entities non-compliant despite serving Indian users. To put it in perspective, the entities “though catering to a substantial part of Indian users were not getting registered and coming under the Anti Money Laundering (AML) and Counter Financing of Terrorism Network (CFT) framework”.
Currently, 31 VDA SPs have registered with FIU IND.
What purpose does the PMLA compliance serve?
According to Ranjana Adhikari, Partner at INDUSLAW the objective of the PMLA and its reporting obligation are to enable monitoring and tracking of financial transactions to curb money laundering and terror financing. She further observes, “While there is no denying that such AML and CFT measures are imperative for today’s global financial ecosystem, the FIU IND should seek compliance only from those entities who fit within the parameters of the March 2023 notification and are capable of providing the information FIU and PMLA require.”
Furthermore, Vipul Kharbanda, an independent legal researcher specialising in matters relating to finance and related virtual assets, told The Hindu that VDA SPs adhering to KYC mandates would be beneficial for them only. “It addresses one of the primary concerns of any regulator about the purported anonymity of the crypto assets and their potential use for unlawful purposes,” he states, adding that mandatory KYC verifications would ensure lack of anonymity and businesses not encountering multiple hurdles.
Separately, Ms. Adhikari also argues that the government has made it amply clear that it intends to enforce PMLA obligations on offshore entities if they satisfy the ingredients of the March 2023 PMLA notification on VDA SPs. “This is also in line with India’s efforts through the G-20 where it has been advocating for global regulation of cryptocurrency and consequently the framework proposed by the International Monetary Fund and the Financial Stability Board to the G-20 in September 2023 is likely to be actioned in 2024,” she stated.
How are other countries regulating virtual assets?
One of the more comprehensive regulatory regimes in the realm belongs to the Dubai Virtual Assets Regulatory Authority (VARA). The standout feature of the “bespoke” regulatory regime is their licensing framework. It aims to foster “consumer protection” and “prevent illicit finance”. The mandatory licences are comprehensively categorised based on the service that the entity wants to offer in the market (such as advisory services, exchange services, broker-dealer service and/or transfer and settlement services, among others). For obtaining the mandatory licence in the Emirate, it imposes an obligation to comply with AML-CFT laws relevant to “its VA activities, businesses or operations in any jurisdiction at all times”.
In the European Union, the Markets in Crypto-Assets Regulation (MiCA) endeavours to institute uniform EU market rules for crypto-assets. The regulation is premised around “transparency, disclosure, authorisation and supervision of transactions”. It would provide measures to tackle market manipulation, prevent money laundering, terrorist financing and other criminal activities. Service providers under this common law would require authorisation to operate in the region. Consumers would be better informed about the risks, costs and charges linked to their operations. Furthermore, “significant” service providers would be required to disclose their energy consumption – part of the endeavour to reduce high carbon footprint.
Though entered into force in June 2023, the legislation is still in consultation stages. The final report is expected in June 2024.
Across the Atlantic, the U.S. does not have a thorough nationwide regulatory framework at present. Some digital assets and related activities are covered under certain existing regulations, such as the Bank Secrecy Act and the Anti-Money Laundering Act of 2020.
What all considerations and approaches emerge when looking to regulate VDAs?
The Bureau for International Settlements (BIS), that is the global forum for cooperation among central banks, in a report about financial stability from crypto assets in emerging economies (August 2023) had observed three high-level policy options under consideration. These include an outright ban, containment and regulation.
BIS observed that an outright ban may not prove enforceable. This is because of the pseudo-anonymous nature of crypto markets. On the contrary, there could be a possibility that regulators lose all sight of the market, further shrinking their transparency and making them less predictable.
Containment on the other hand would imply controlling the flows between crypto markets and traditional financial systems or limiting their connections. However, BIS argued that the strategy would not address the vulnerabilities inherent in the crypto markets and could result in financial stability risks.
About regulation, motivation to regulate the asset varies across jurisdictions. The report holds that it must be ensured that benefits of regulating and supervising are greater than the costs involved. Costs may vary as per the characteristics of a country. Furthermore, for emerging market economies (EMEs), three issues are of particular importance, that is: defining the (regulatory) authority or entity and their scope, then the scope of regulation in terms of either activity or entity, and lastly, filling in the data gaps to understand the technology and interconnections.
